Lucene search
+L

3768 matches found

CVE
CVE
added 2015/11/18 3:0 p.m.51 views

CVE-2015-6373

CVE-2015-6373 affects Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices. Root cause: CSRF vulnerability due to lack of CSRF protection. Impact: remote attackers could hijack user authentication and perform unwanted actions. Exploitation details: described as unauthe...

6.8CVSS7.5AI score0.00587EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2015/11/18 3:0 p.m.28 views

CVE-2015-6372

Cross-site scripting XSS vulnerability in the web-based management interface in Cisco Firepower Extensible Operating System 1.11.160 on Firepower 9000 devices allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux10614...

5.7AI score0.00961EPSS
Exploits0References1
Cvelist
Cvelist
added 2015/11/18 3:0 p.m.19 views

CVE-2015-6373

Cross-site request forgery CSRF vulnerability in Cisco Firepower Extensible Operating System 1.11.160 on Firepower 9000 devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux10611...

7.3AI score0.00587EPSS
Exploits0References1
Cisco
Cisco
added 2015/11/17 9:46 p.m.59 views

Cisco Firepower 9000 Series Switch Clickjacking Vulnerability

A vulnerability in the web interface of the Cisco Firepower 9000 Series Switch could allow an unauthenticated, remote attacker to affect the integrity of the device though a clickjacking or phishing attack. The vulnerability is due to the lack of proper input sanitization of iFrame data in the HT...

5CVSS6.6AI score0.00838EPSS
Exploits0References1
Cisco
Cisco
added 2015/11/17 9:43 p.m.36 views

Cisco Firepower 9000 Cross-Site Request Forgery Vulnerability

A vulnerability in the Cisco Firepower 9000 Series Switch which could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of cross-site request forgery CSRF protection. An attacker could exploit this vulnerability by tricking the user of a web...

5CVSS7AI score0.00587EPSS
Exploits0References1
Cisco
Cisco
added 2015/11/17 12:0 a.m.44 views

Cisco Firepower 9000 Persistent Cross-Site Scripting Vulnerability

A vulnerability in the HTTP web-based management interface of Cisco Firepower 9000 devices could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the affected system. The vulnerability is due to insufficient input validation of a user-suppli...

4.3CVSS5.7AI score0.00961EPSS
Exploits0References1
Cisco
Cisco
added 2015/11/17 12:0 a.m.42 views

Cisco Firepower 9000 Arbitrary File Read Access Script Vulnerability

A vulnerability in a user script supplied with Cisco Firepower 9000 devices could allow an authenticated, remote attacker to view any file on the device, even ones that should be restricted to authenticated users. The vulnerability is due to lack of input validation of the parameters passed to...

4CVSS6.3AI score0.00966EPSS
Exploits0References1
Cisco
Cisco
added 2015/11/17 12:0 a.m.35 views

Cisco Firepower 9000 Command Injection at Management I/O Command-Line Interface Vulnerability

A vulnerability in the Management I/O MIO command-line interface CLI command execution of Cisco Firepower 9000 devices could allow an authenticated, local attacker to access the underlying operating system and execute commands at the root privilege level. The vulnerability is due to insufficient...

4.3CVSS7AI score0.00392EPSS
Exploits0References1
Cisco
Cisco
added 2015/11/17 12:0 a.m.30 views

Cisco Firepower 9000 USB Kernel Denial of Service Vulnerability

A vulnerability in the USB driver of Cisco Firepower 9000 could allow an unauthenticated, local attacker with physical access to the device to send invalid USB commands to the kernel and cause a denial of service DoS condition. The vulnerability is due to insufficient sanitization of USB input...

4.7CVSS6.3AI score0.00309EPSS
Exploits0References1
Cisco
Cisco
added 2015/11/16 12:0 a.m.38 views

Cisco Firepower 9000 Unauthenticated File Access Vulnerability

A vulnerability in the web interface of the Cisco Firepower 9000 Series Switches could allow an unauthenticated, remote attacker to view certain files on the device that should be restricted. The vulnerability is due to lack of proper authentication checks when a request to download and view a...

5CVSS6.7AI score0.01217EPSS
Exploits0References1
CNVD
CNVD
added 2015/10/03 12:0 a.m.7 views

Cisco FirePOWER 7000 and 8000 Appliance Denial of Service Vulnerability

The Cisco FirePOWER 7000 and 8000 are Cisco's 7000 and 8000 series firewall appliances. The Cisco FirePOWER 7000 and 8000 appliances have a security vulnerability that allows remote attackers to send specially crafted packets for denial of service attacks...

6.1CVSS6.9AI score0.00697EPSS
Exploits0References1
NVD
NVD
added 2015/09/28 2:59 a.m.18 views

CVE-2015-6307

Cisco FirePOWER formerly Sourcefire 7000 and 8000 devices with software 5.4.0.1 allow remote attackers to cause a denial of service inspection-engine outage via crafted packets, aka Bug ID CSCuu10871...

6.1CVSS6.8AI score0.00697EPSS
Exploits0References1
Prion
Prion
added 2015/09/28 2:59 a.m.17 views

Code injection

Cisco FirePOWER formerly Sourcefire 7000 and 8000 devices with software 5.4.0.1 allow remote attackers to cause a denial of service inspection-engine outage via crafted packets, aka Bug ID CSCuu10871...

6.1CVSS7.3AI score0.00697EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2015/09/28 1:0 a.m.50 views

CVE-2015-6307

Cisco FirePOWER (formerly Sourcefire) 7000 and 8000 series devices running software 5.4.0.1 are affected by CVE-2015-6307. The vulnerability allows an unauthenticated, adjacent attacker to cause the inspection engine to stall or stop processing packets by sending crafted packets, potentially resu...

6.1CVSS7AI score0.00697EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2015/09/28 1:0 a.m.20 views

CVE-2015-6307

Cisco FirePOWER formerly Sourcefire 7000 and 8000 devices with software 5.4.0.1 allow remote attackers to cause a denial of service inspection-engine outage via crafted packets, aka Bug ID CSCuu10871...

6.8AI score0.00697EPSS
Exploits0References1
Cisco
Cisco
added 2015/09/25 3:19 p.m.24 views

Cisco FirePOWER 7000 and Cisco FirePOWER 8000 Series Inspection Engine Stall Vulnerability

A vulnerability in FireSIGHT System Software for Cisco FirePOWER 7000 Series and Cisco FirePOWER 8000 Series devices could allow an unauthenticated, adjacent attacker to cause the inspection engine to stop processing packets. Depending on the affected system configuration, this may cause traffic...

6.1CVSS6.6AI score0.00697EPSS
Exploits0References1
CNVD
CNVD
added 2015/07/30 12:0 a.m.5 views

Cisco Firepower 9000 Series Device Information Disclosure Vulnerability

Cisco Firepower Extensible Operating System on Firepower 9000 device is a set of operating systems from Cisco that run on 9000 series firewall devices. A security vulnerability exists in the Cisco Firepower Extensible Operating System version 1.1 1.86 on the Cisco Firepower 9000 device, which...

5CVSS6.8AI score0.0127EPSS
Exploits0References1
NVD
NVD
added 2015/07/29 1:59 a.m.20 views

CVE-2015-4287

Cisco Firepower Extensible Operating System 1.11.86 on Firepower 9000 devices allows remote attackers to bypass intended access restrictions and obtain sensitive device information by visiting an unspecified web page, aka Bug ID CSCuu82230...

5CVSS6.5AI score0.0127EPSS
Exploits0References1
Prion
Prion
added 2015/07/29 1:59 a.m.20 views

Design/Logic Flaw

Cisco Firepower Extensible Operating System 1.11.86 on Firepower 9000 devices allows remote attackers to bypass intended access restrictions and obtain sensitive device information by visiting an unspecified web page, aka Bug ID CSCuu82230...

5CVSS7.1AI score0.0127EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2015/07/29 1:0 a.m.53 views

CVE-2015-4287

CVE-2015-4287 affects Cisco Firepower Extensible Operating System 1.1(1.86) on Firepower 9000 devices. The issue arises from improper authentication validation in the device’s web interface, allowing remote attackers to bypass access restrictions and obtain sensitive device information by visitin...

5CVSS6.7AI score0.0127EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder